Dark Reading is part of the Informa Tech Division of Informa PLC


11/2/2017
05:30 PM

Mischel Kwon Unplugged

Security Pro File: Kwon talks about her tenure at DOJ and US-CERT, winning a WiFi antenna contest at DEF CON, voice lessons - and her brief stint as an industry 'float princess.'

She was craving a soda, but each time Mischel Kwon aced a logic problem the Computer Learning Center representatives put in front of her, they fed her yet another test question.

"They gave me more and more problems, and all I wanted was to go get a soda," Kwon recalls of her 19-year-old self that day at a Northern Virginia suburban shopping mall in the early 1980s. A CLC rep there had stopped her and asked if she wanted to take one of their tests. "I said, sure, I'll take it," not knowing what it was, recalls the former federal government cybersecurity executive.  

Kwon never got her Coca-Cola that day at the mall, but her high score on the test won her a full scholarship to attend CLC's computer training program, where she ended up graduating at the top of her class. She later landed her first job in technology, as an Assembler programmer for retail giant Woodward & Lothrop, where she wrote code for the very first automated cash-register system in the Washington, DC, area.

Like most pioneers in the security industry, Kwon, the former director of the US-CERT and former deputy CISO at the US Department of Justice, landed in security by chance. But along the way, she says her work in IT in the pre-security industry days was also unknowingly honing her security skills. She worked on IBM mainframes while at Woodward & Lothrop, coding and developing patch management systems for the big iron. "I started at the base of the system and learned everything about it, and the network, too, and that translates to a good understanding of the technology" of security, she says.

"I did security all along the way, and had no idea I was doing security," Kwon recalls. "I was so wrapped up with IT."

It's that epiphany that has helped shape Kwon's view that one of the biggest missteps in IT history was separating IT and IT security into separate departments and sectors. It was a mistake, she says, to decouple the two worlds. "Melding of IT and the security operations center is absolutely required. We tore them apart with separation of duties years ago," she says. "But adversaries don't separate duties."

Today's gaps among IT, the SOC, and security teams basically give the bad guys an edge, Kwon explains. "Security should get its data from the SOC and how they protect the network. These days, it's being based on security controls and compliance, but we need to move to an operational security model."

Filling those gaps is at the heart of the strategy of MKACyber, the security consulting and SOC managed services company Kwon launched in 2010. "I was wanting to get back to my tech roots and wanting to make a difference," she says of her decision to start the firm, where she serves as president and CEO.

Firsts

Born to a Korean father and an American mother from North Carolina, Kwon grew up in a diverse yet traditional household that emphasized education. In the early 1960s, when she was born, it was illegal for her parents to be married in North Carolina. The family later moved around the US for her father's career as a toxicologist.

"As a Korean man, it was never his intention for me to work. I was raised to be a mom and a very traditional woman," she says. "My mom had other ideas, though. She thought I was going to be a singer."

Kwon's parents both were opera singers, and her mom put her in voice lessons mainly to deprogram her native North Carolina accent. "I had a very big southern drawl, and it comes back when I go back to Shelby, North Carolina, my hometown," she says.

Math was always fun for Kwon. Because she grew up before the age of personal computers, she wasn't exposed to coding until later. The closest thing she had to a computer growing up was a Nintendo. "We played Pong," she says. She met her first computer in high school in Fairfax, Va.

After her mainframe stint with the now-defunct Woodward & Lothrop, she realized she needed a college degree to further her career. So Kwon applied for and won a Clare Boothe Luce scholarship, and in 2002, she went back to school to get her undergraduate degree in computer science at Marymount University, and then her Master's Degree in information assurance at George Washington University. At the time she was also a mother of four kids between the ages of 4 and 12. "I was working" then as well as taking classes, she says.

While still a grad student in 2004 doing research on wireless technology and hacking, Kwon got her first real taste of the hacker scene at the DEF CON hacker convention in Las Vegas. She won "Most Innovative" in the WiFi Shootout contest for her handmade antenna made out of a cardboard box. "I read the instructions wrong that you couldn't use any antenna parts," she recalls, so she built it from scratch. "I had it engineered to go one mile," she recalls, and it got close, reaching .8 miles.

Her career was refreshed after getting her master's. "Security was a big open space that I was just curious about, how to break everything, how to hack into everything, and how to protect everything. I had a big love for wireless."

Kwon's first big security job was as deputy CISO for the Department of Justice, where she built out the Justice Security Operations Center, after an initial gig as director of wireless security for the agency. While that's where Kwon first made a big name for herself in security, it was a lesser-known project she worked on there that she says she's most proud of during her tenure. While performing a penetration test on Motorola's mobile radio system, she and her team "owned the whole system within a couple of hours," she recalls.

Motorola then worked, with the help of Kwon's DOJ team, on re-engineering the radio systems to become secure. "Land mobile radio is so strategic for them," she says, and they continued to work with Kwon after she left DOJ to continue locking down that wireless product. "That was the best work I've ever done in the security field," she says.

During her 18-month gig as director of the US-CERT, where in 2008 she was the first woman named to the post as well as the first director with technical expertise, Kwon got a reality-check about the state of security in the federal government: "I was shocked to find out they [civilian agencies] didn't know what attacks were about," she says. "My main mission was to help agencies. There was a large need to educate federal SOCs and give them guidance and information," she recalls.

So she launched so-called Joint Agency Cyber Knowledge Exchange meetings to help spread the word and educate agencies. "They were so popular that there was not a large enough SCIF area for us to hold a secret-level meeting," she says.

While head of the US-CERT was one of her favorite jobs, the politics of the newbie DHS began to wear on Kwon. "The job itself was awesome. But DHS was a political nightmare. It was like running down the hall juggling scissors," Kwon says. "It was a fairly new agency. Mature agencies have decorum, a culture, a way of behaving, sound hiring practices and rules of behavior. DHS was missing all of that."

That made it a difficult culture for success, causing problems with contracts and "unhealthy behavior," as Kwon describes it. "It made it difficult to do any work. I didn't have the patience for that."

She then returned to the private sector as vice president for public sector security solutions at RSA. Kwon quips that that job ended up as more of a "float princess" role where she was paraded out as a former government cybersecurity executive. "It was an interim gig," she says of her one year at RSA.

#MeToo

Like many professional women, Kwon has experienced her share of sexual harassment during her career. "No question: Me, too," she says.

Working long and late hours as a young woman, she says she always "had to worry" about her safety. And there were the questions: Did I get the job because I was a woman? "I hope I got it because I was talented," she says.

Kwon points out that sexual harassment and discrimination are not just a workplace thing. "It's our societal norm."

That's why Kwon says she created the Cybersecurity Diversity Foundation, which offers scholarship funds and promotes corporate commitments to build a more diverse workforce in the industry.

"Not just because I'm a woman, but also because my last name is Kwon and I'm half-Korean," she says of her personal experience. "I definitely found myself not being included, not being heard … and being dismissed," she says.

The good news is that a conversation has begun about implicit biases, she says. "It's not going to be something we can fix overnight," though, Kwon notes.

 

 

PERSONALITY BYTES

Worst day ever at work: Being fired. I worked for Network Solutions when I was 25 and was fired for "participating in office politics."

First Hack: Cell-phone hacking. When I went back to school, I did a lot of breaking things. Phones were pretty open [then].

What Kwon's co-workers don't know about her that would surprise them: That I’m a softie at heart. They figure it out eventually, but most people think that I'm a hard-ass.

Security must-haves: Up-to-date, non-DOS machine.

Business hours: I usually sleep between 2am & 6am, for a total of four hours a night. The rest of the time is working, either in my career or as Mom.

What keeps Kwon up at night: I'm less worried about adversaries. I'm more worried about system owners and businesses not taking care of their systems – not patching, not wiping [when swapping out old systems], and not looking at their architecture to make sure it's current for today.

Fun fact: I had a Token Ring network in my house. My father was getting rid of Token Ring at work.

Favorite hangout: My bed at the beach.

Comfort food: Vegan mac and cheese or kimchi and rice.

In her music playlist right now: Beatles, Red Hot Chili Peppers, Rolling Stones, Eagles, Carly Simon, Carole King

Ride: BMW M4 convertible

After Hours: Play with my kids, yoga, play the guitar, spend time at the Outer Banks, NC.

Actress who would play Kwon in film: Catherine Zeta-Jones, specifically from the movie "Zorro" … I wish!

Next career after security: Making biscuits.

 

Hear Mischel Kwon discuss building and running an effective SOC, at Dark Reading's INsecurity conference.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
Robotdon,
User Rank: Apprentice
11/4/2017 | 11:02:58 AM
Good
Interesting!